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DETAILED ACTION 

A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1 .17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1 .17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.114. Applicant's submission filed on 04/27/07 has been entered. 

Response to Arguments 
Applicant's arguments filed 0AI21I01 have been fully considered the newly added . 
limitations are taught by the prior art provided. 

Claim Rejections - 35 USC § 112 
The following is a quotation of the first paragraph of 35 U.S,C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such fill!, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of canying out his invention. 

Claim 36 is rejected under 35 U.S.C. 1 12, first paragraph, as failing to comply with the 
written description requirement. The claim(s) contains subject matter which was not described 
in the specification in such a way as to reasonably convey to one skilled in the relevant art tliat 
•the inventor(s), at the time the application was filed, had possession of the claimed invention. 

The specification, describes permitting access from any of the locations (Fig. 5F), does 
not describe "...wherein a given requestor is only able to access secured items using only a 
single one of said local servers or the central server such that the given requestor can only access 
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secured items through at most one of said local servers at a time even though the given requestor 
is permitted to access secure items through more than one of said local servers". Questions are 
raised as to where control of the access is located, at the client or the server, so that the user can 
only access one server at a time. The disclosure (Fig. 5F) discloses gaining access to secure 
items from the first location, not the access of only a single one of local servers or the central 
server. The disclosure does not disclose that the system controls the number of servers that a 
user gains access, instead the disclosure discloses the control of the location that the user can 
access from. Is the access of only a single one of local server controlled by an Access control 
List, the location of the server, content of the server, encryption and key distribution? The 
examiner has assumed that the control of the number of servers accessed by the client is 
controlled by encryption and the distribution of keys for communication to a particular server. 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having.ordinaiy skill in the ait to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claim 36 is rejected under 35 U.S.C. 103(a) as being unpatentable over Stallings 
(Cryptography and Network Security) in view of Narasimhalu et al (EP 0672991 A2). 

In reference to claim 36, Stallings teaches the Keberos system comprising: a central 
server having a server module that provides overall access control (Keberos authentication server 
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page 333); and a plurality of local servers, each of said servers including a local module that 
provides local access control (last paragraph on page 333), wherein the access control, performed 
by said central server or said local servers, operates to pennit or deny access requests to secured 
items by requestors (Kerberos authentication server Fig 1 1 .2), and wherein a given requestor is 
only able to access secured items using only a single one of said local servers or the central 
server such that the given requestor can only access secured items through at most one of said 
local servers at a time even though the given requestor is permitted to access secure items 
through more than one of said local servers (page 336 Session keys). 

Although Stallings discloses pennitting access to a requestor, Stallings does not teach 
permitting access based on information stored in an encrypted header of a secure item. 

Narasimhalu teaches a system and apparatus for controlling the dissemination of digital 
infoniiation. Access to the information is permitted based on infoniiation stored in an encrypted 
header (secret key) of a secure item (Fig. 2 and 4 in combination with page 5 lines 35-47). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to place access information in a header and encrypt the header as in Narasimhalu 
in the system of Stallings. One of ordinary skill in the art would have been motivated to do this 
because the system would allow for the control of the use of digital infonnation (page 2 line 54 
to page 3 line 2). 

Claims 1-35 are rejected under 35 U.S.C. 103(a) as being unpatentable over Samson et al 

(6,339,423) in view of Boebeit et al (5,502,766) and Narasimhalu et al (EP 0672991 A2). 
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In reference to claims 1 and 34, Samson discloses a system and method comprising: (a) 
receiving, at a first server machine of the plurality of server machines (Fig. 2), an access request 
to access secure items from a user of a first client machine at a first location (column 4 lines 35- 
36), (b) authenticating the user of the first client machine at the first location (column 5 lines 30- 
45); (d) detemiining whether the user is pemiitted to gain access to secure items via the first 
location when said authenticating (b) and (c) are successful (column 4 line 62 to column 5 line 2) 
(e) permitting the user to gain access to secure items via the first server machine when said 
determining (d) determines that the user is permitted to gain access to secure items from the first 
location (Fig 3 A and B parts 318-338), and (f) preventing the user to gain access to secure items 
via the first server machine when said determining (e) determines that the user is not permitted to 
gain access to secure items from the first location (Fig 3 A and B parts 318-332). 

Although the system of Samson discloses and authentication process for the user, the 
system does not disclose (c) authenticating the first client machine. 

Boebert discloses a system for providing the secure transfer and sharing of data via a 
local area network (abstract). The system comprises an identification and authentication process 
for the user and the client machine (column 4 lines 26-35). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area. 
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Samson and Boebert do not teach retrieving a user key pemiitting access to an encrypted 
header of the secured item, the encrypted header including access rules for the secured item. 

Narasimhalu discloses upon successful authentication, retrieving a user key pennitting 
access to an encrypted header of the secured item, the encrypted header including access rules 
for the secured item (Fig. 2 and 4 in combination v^ith page 5 lines 35-47). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to place access infomation in a header and encrypt the header as in Narasimhalu 
in the system of Stallings. One of ordinary skill in the art would have been motivated to do this 
because the system would allow for the control of the use of digital information (page 2 line 54 
to page 3 line 2). 

In reference to claims 21 and 35, Samson discloses a system and method comprising: 
receiving, at a first server machine of the plurality of server machines (Fig. 2), an access request 
to access secure items from a user of a first client machine at a first location (column 4 lines 35- 
36), authenticating the user of the first client machine at the first location (column 5 lines 30-45); 
retrieving access privileges associated with the user (column 5 lines 38-46); determining whether 
the user is permitted to gain access to secure items via the first location when said authenticating 
are successful (column 4 line 62 to column 5 line 2) permitting the user to gain access to secure 
items via the first server machine when said determining determines that the user is permitted to 
gain access to secure items (Fig 3 A and B parts 31 8-338), and preventing the user to gain access 
to secure items via the first server machine when said determining determines that the user is not 
pennitted to gain access to secure items from the first location (Fig 3 A and B parts 318-332). 
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Although the system of Samson discloses and authentication process for the user, the 
system does not disclose authenticating the first client machine. 

Boebert discloses a system for providing the secure transfer and sharing of data via a 
local area network (abstract). The system comprises an identification and authentication process 
for the user and the client machine and detemiining whether user is pemiitted access from the 
location (column 4 lines 26-35). 

At the time the invention was made; it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 

Samson and Boebert do not teach retrieving a user key permitting access to an encrypted 
header of the secured item, the encrypted header including access rules for the secured item. 

Narasimhalu discloses upon successful authentication, retrieving a user key permitting 
access to an encrypted header of the secured item, the encrypted header including access rules 
for the secured item (Fig. 2 and 4 in combination with page 5 lines 35-47). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to place access information in a header and encrypt the header as in Narasimhalu 
in the system of Stallings, One of ordinary skill in the art would have been motivated to do this 
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because the system would allow for the control of the use of digital infonnation (page 2 line 54 
to page 3 line 2). 

In reference to claim 2, although the system of Samson discloses and authentication 
obtaining access privileges associated with the user (column 4 line 62 to column 5 line 2), 
Samson does not disclose a system of authentication wherein said determining comprises: to 
determine at least permitted locations for the user; and (d2) determining whether the user is 
permitted to gain access to secure items from the first location based on the peiTnitted locations 
associated with the user. 

Boebert discloses a system for authentication wherein the detennining comprises 
obtaining access privileges associated with the user to determine at least permitted locations for 
the user; and determining whether the user is permitted to gain access to secure items from the 
first location based on the permitted locations associated wit the user (column 4 lines 27-45). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson, One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 

In reference to claim i, wherein, when permitted by said permitting (e), the user gains 
access to secure items from the first location via the first client machine and the first server 
machine. 
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Although the system of Samson discloses and authentication process for the user, the 
system does not disclose authenticating the first client machine. 

Boebert discloses a system for providing the secure transfer and sharing of data via a 
local area network (abstract). The system comprises an identification and authentication process 
for the user and the client machine and detemiining whether user is permitted access from the 
location (column 4 lines 26-35). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 • 
lines 35-45). 

In reference to claim 4, wherein, when permitted by said permitting (e), the user gains 
access to secure items from the first location via the first client machine and the first server 
machine. 

Although the system of Samson discloses and authentication process for the user, the 
system does not disclose authenticating the first client machine. 

Boebert discloses a system for providing the secure transfer and sharing of data via a 
local area network (abstract). The system comprises an identification and authentication process 
for the user and the client machine and determining whether user is pennitted access from the 
location (column 4 lines 26-35). 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 

In reference to claims 5, 22, and 24, wherein said method comprises the acts of: (g) 
preventing the user from gaining access to secure items via any of the server machines other than 
the first server machine when said determining (d) determines that the user is permitted to gain 
access to secure items from the first location. 

Although the system of Samson discloses and authentication process for the user, the 
system does not disclose authenticating the first client machine. 

Boebert discloses a system for providing the secure transfer and sharing of data via a 
local area network (abstract). The system comprises an identification and authentication process 
for the user and the client machine and determining whether user is permitted access from the 
location (column 4 lines 26-35). The user is only permitted to access the resource from a 
particular location therefore since the other locations are not permitted to access the resource the 
no other server will pennit access. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
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art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form temiinals located inside the engineering area (column 4 
lines 35-45). 

In reference to claims 6 and 23, wherein said determining (d) comprises determining 
whether the user is permitted to gain access to secure items via the first client machine and the 
first server machine, and wherein said permitting (e) operates to perniit the user to gain access to 
secure items via the first client machine and the first server machine when said determining (d) 
determines that the user is permitted to gain access to secure items via both the first client 
machine and the first server machine. 

Although the system of Samson discloses and authentication process for the user, the 
system does not disclose authenticating the first client machine. 

Boebert discloses a system for providing the secure transfer and sharing of data via a 
local area network (abstract). The system comprises an identification and authentication process 
for the user and the client machine and determining whether user is pennitted access from the 
location (column 4 lines 26-35). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
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engineering drawings, but only fomi tenninals located inside the engineering area (column 4 
lines 35-45). 

In reference to claim 7, wherein said determining comprises detemiining whether the 
user is permitted to gain access to secure items via the first server machine, and wherein said 
permitting operates to pemiit the user to gain access to secure items via the first server machine 
when said determining determines that the user is permitted to gain access to secure items via the 
first server machine (Fig 2 and 3). 

In reference to claim 8, wherein said detennining (d) comprises determining whether the 
user is permitted to gain access to secure items via the first client machine, and wherein said 
permitting (e) operates to pennit the user to gain access to secure items via the first client 
machine when said determining (d) detemiines that the user is permitted to gain access to secure 
items via the first client machine (Fig 2 and 3). 

In reference to claim P, wherein said method comprises the acts of: (g) preventing the 
user fi-om gaining access to secure items via any of the server machines other than the first server 
machine when said determining (d) determines that the user is pemiitted to gain access to secure 
items from the first location. 

Although the system of Samson discloses and authentication process for the user, the 
system does not disclose authenticating the first client machine. 

Boebert discloses a system for providing the secure transfer and sharing of data via ja 
local area network (abstract). The system comprises an identification and authentication process 
for the user and the client machine and determining whether user is pennitted access from the 
location (column 4 lines 26-35). 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 

In reference to claims 10 and 25, wherein said preventing (g) of the user to gain access to 
secure items via any of the other server machines comprises reconfiguring at least any of the 
other server machines that previously permitted the user to gain access to secure items 
therethrough, 

Although Samson discloses preventing the user to gain access to secure items via any of 
the other server machines, Samson does not disclose preventing access to the server machine by 
reconfiguring at least any of the other server machines that previously permitted the user to gain 
access. Boebert also does not disclose the reconfiguration.. However, Boebert discloses 
controlling access to the resource using keys. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to revoke the key from the user when the user is no longer permitted access in the 
system of Boebert. One of ordinary skill in the art would have been motivated to do this because 
when the user is no longer permitted to access the resource revoking the key would discourage 
fraudulent activities. 
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In reference to claims 11 and 26, wherein said permitting of the user to gain access to 
secure items via the first server machine comprises reconfiguring the first server machine to 
permit access by the user to secured items via the first server machine. 

Although Samson discloses preventing the user to gain access to secure items via any of 
the other server machines, Samson does not disclose preventing access to the server machine by 
reconfiguring at least any of the other server machines that previously permitted the user to gain 
access. Boebert also does not disclose the reconfiguration. However, Boebert discloses 
controlling access to the resource using keys. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to revoke the key from the user when the user is no longer permitted access in the 
system of Boebert. One of ordinary skill in the art would have been motivated to do this because 
when the user is no longer permitted to access the resource revoking the key would discourage 
fraudulent activities. 

In reference claim 12 wherein said detemiining (d) comprises: obtaining access 
privileges associated with the user to determine at least peiTnitted locations for the user; and 
determining whether the user is permitted to gain access to secure items from the first location 
based on the pemiitted locations associated with the user. 

Although the system of Samson discloses and authentication obtaining access privileges 
associated with the user (column 4 line 62 to column 5 line 2), Samson does not disclose a 
system of authentication wherein said determining comprises: to determine at least permitted 
locations for the user; and (d2) determining whether the user is pennitted to gain access to secure 
items from the first location based on the permitted locations associated with the user. 
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Boebert discloses a system for authentication wherein the detennining comprises 
obtaining access privileges associated with the user to determine at least permitted locations for 
the user; and detennining whether the user is permitted to gain access to secure items from the 
first location based on the permitted locations associated wit the user (column 4 lines 27-45). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45), 

hi reference to claims 13 and 27 wherein said permitting of the user to gain access to 
secure items via the first server machine comprises reconfiguring the first server machine to 
permit access by the user to secured items via the first server machine (column 5 lines 475-60). 

In reference to claims 14 and 25 wherein each of the secure items is a secured file, the 
secured file having a format that comprises a header including security information as to who 
and how the secure item can be accessed, an encrypted data portion including data of the secure 
file encrypted with a file key according to a predetermined cipher scheme, and wherein the 
header is attached to the encrypted data portion to generate the secured file. 

Samson does not disclose an encrypted data portion. However Boebert discloses each of 
the secure items is a secured file, the secured file having a format that comprises a header 
including security information as to who and how the secure item can be accessed, an encrypted 
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data portion including data of the secure file encrypted with a file key according to a 
predetermined cipher scheme, and wherein the header is attached to the encrypted data portion to 
generate the secured file (Fig. 12). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only fonn terminals located inside the engineering area (column 4 
lines 35-45). 

In reference lo claims 15 and 29, wherein the security information in the header of the 
secured file facilitates the restricted access to the secured file. 

Boebert discloses a system wherein the security information in the header of the secured 
file facilitates the restricted access to the secured file (part 90 Fig. 8). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 
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In reference to claim 16, wherein the security infomiation in the header of the secured 
file points to or includes the access rules and a file key. 

Boebert discloses the security infonnation in the header of the secured file points to or 
includes the access rules and a file key (Fig. 10). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 

In reference to claims 1 7 and 30, wherein the security information is encrypted with a 
user key associated with a user. 

Boebert discloses the security information is encrypted with a user key associated with a 
user (Fig. 12). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only fomi terminals located inside the engineering area (column 4 
lines 35-45). 
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In reference lo claims 18 and 31, wherein the security infonnation includes the file key 
and access rules to the restricted access to the secured file. 

Boebert discloses security infonnation includes the file key and access rules to the 
restricted access to the secured file (Fig. 16). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary, ski 11 in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by. the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form tenninals located inside the engineering area (column 4 
lines 35-45). 

In reference to claims 19 and 32 wherein the file key is retrieved to decrypt the encrypted 
data portion in the secured file when access privilege of the user is within access pennissions by 
the access rules. 

Boebert discloses retrieving the file key to decrypt the encrypted data portion in the 
secured file when access privilege of the user is within access permissions by the access rules 
(Fig. 16). 

At the time the invention was made, it would have been obvious to. a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
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engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 

In reference to claims 20 and 33, wherein the access mles are expressed in a markup 
language. Samson and Boebert do not disclose the access rules are expressed in a markup 
language. However at the time the invention was made, it would have been obvious to a person 
of ordinary skill in the art to use a markup language to express the access rules. One of ordinary 
skill in the art would have been motivated to do this because markup languages are a set of codes 
in a text file that instruct a computer how to format it on a printer or video display or how to 
index and link its contents and therefore it would detemiine how to index the content based on 
the access ailes. 

Claims 37-42 are rejected under 35 U.S.C. 103(a) as being unpatentable over Stallings in 
view of Narasimhalu as applied to claim 36 above, and further in view of Skarbo et al 
(6,317,777). 

In reference to claim 37, wherein said access control system couples to an enteiprise 
network to restrict access to secured files stored therein. 

Stallings discloses the authentication to access to a seivice, however Stallings does not 
disclose access control system couples to an enterprise network to restrict access to secured files 
stored therein. 

Skarbo discloses a document-collaboration videoconferencing system between na first 
and a second conference attendee (abstract). The system comprises access control system 
couples to an enterprise network to restrict access to secured files stored therein (Fig. 4). 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art that the service provided by the server after authentication should be an enterprise 
network to restrict access to secured files stored therein as in the system taught by Skarbo in the 
server disclosed by Stallings. One of ordinary skill in the art would have been motivated to do 
this because the system would reliably deliver conferencing data to conference participants 
(Skarbo column 1 lines 45-50). 

In reference to claim 38, wherein the access requests are at least primarily processed in a 
distributed manner by said local servers (Fig. 1 1.2). 

In reference to claim 39, wherein when the access requests are processed said local 
servers, the requestors gain access to the secured files without having to access said central 
server (Fig, 1 1 .2). 

In reference to claim 40, wherein the local module can be a copy of the server module so 
any of the local modules can operate independent of said central server and other of said local 
servers (Fig. 1 1 .2). 

In reference to claim 4L wherein the local module can be a subset of the server module 
(Fig. 11.2). 

In reference to claim 42, wherein access pennissions for said local servers can be 
dynamically configured to pass a requestor from one of said local servers to another of said local 
servers, thereby enabling access control to be performed by the another of said local servers such 
as when the location of the requestor changes (Fig. 1 1 .2 multiple kerberi). 
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Claims 43-44 are rejected under 35 U.S.C. 103(a) as being unpatentable over Stallings in 
view of Narasimhalu and Boebert as applied to claim 37 above, and further in view of Pensak 
(6,449,721 Bl). 

In reference to claims 43-44, wherein the secured files are secured by encryption. 

Although Stallings discloses the exchange of session keys, Stallings does not expressly 
disclose that the service is secured by encryption. 

Pensak discloses secured files are secured by encryption (Fig. 1). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to secure the files by encryption as in Pensak in the system of Stallings. One of 
ordinary skill in the art would have been motivated to do this because encryption is a process for 
encoding data that prevents unauthorized access especially during transmission. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W, Klimach whose telephone number is (571) 272-3854. 
The examiner can normally be reached on Mon to Thr 9:30 a.m to 5:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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